exploitDog

CVE-2021-29002

Опубликовано: 24 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.

Ссылки

https://github.com/plone/Products.CMFPlone/issues/3255
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/49668
Exploit
Third Party Advisory
VDB Entry
https://github.com/plone/Products.CMFPlone/issues/3255
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/49668
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plone:plone:5.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.0031

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-38g6-x6jv-jwff

github

больше 3 лет назад

Plone XSS Vulnerability

EPSS

Процентиль: 54%

0.0031

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79